System and Method of Validating a Relationship Between a User and a User Account at a Financial Institution

ABSTRACT

A system and method for validating a relationship between a user and a user account at a financial institution includes a data communication device, a memory, a processor coupled to the memory, and an account validation module executable by the processor. The account validation module generates a verification identifier for storage in the memory and is provided to the user, and subsequently receives a user initiated financial transaction involving the user account at the financial institution. The received financial transaction includes a comparison identifier supplied by the user. The account validation module determines whether the comparison identifier corresponds to the verification identifier for purposes of validating the relationship between the user and the user account maintained at the financial institution.

FIELD OF THE INVENTION

The present invention relates to data processing systems, and more particularly relates to a system and method of validating a relationship between a user and a user account at a financial institution.

BACKGROUND OF THE INVENTION

Internet-based payment service providers use payment systems (hereinafter referred to as ‘payment systems’ for the sake of brevity) that allow account holders (users) to transfer funds from accounts being maintained at their financial institutions, and perform financial transactions online with the transferred funds. For example, payment systems enable users to purchase goods and services online from the stored funds, and may also provide money market and brokerage services. However, as with other online services, there is the possibility of use of such user account for money laundering and other potentially illegal and unauthorized activity. Accordingly, it is important to implement security features that ensure that the transfer of funds to and from such accounts is legitimate, authorized, auditable and traceable.

Therefore, it would be desirable to provide a system and method of ensuring that a user account being maintained at a financial institution legitimately belongs to the user.

SUMMARY OF THE DISCLOSURE

In a first aspect, the present invention provides a system for validating a relationship between a user and a user account at a financial institution that includes a data communication device, a memory, a processor coupled to the memory, and an account validation module executable by the processor. The account validation module is adapted to generate a first verification identifier for storage in the memory, provide a second verification identifier corresponding to the first verification identifier to the user, receive a user initiated financial transaction involving the user account at the financial institution, the received financial transaction including a comparison identifier supplied by the user, and determine if the comparison identifier corresponds to the stored first verification identifier for purposes of validating the relationship between the user and the user account maintained at the financial institution.

In another aspect, the present invention provides a method of validating a relationship between a user and a user account at a financial institution that includes providing a verification identifier to a user, receiving a user initiated financial transaction involving the user account at the financial institution, the received financial transaction including a comparison identifier, and determining whether the received comparison identifier corresponds to the verification identifier provided to the user for purposes of validating the relationship between the user and the user account maintained at the financial institution.

In yet another aspect, the present invention provides a system for validating a relationship between a user and a user account at a financial institution that includes a data communication device, a memory, a processor coupled to the memory, and an account validation module executable by the processor. The account validation module is adapted to: (1) receive, from the user, user profile data containing a first account identifier of the user account, (2) generate a verification identifier, provide the verification identifier to the user, (3) receive a user initiated financial transaction involving the user account at the financial institution, the received financial transaction including a comparison identifier supplied by the user and a second account identifier, and (4) validate the relationship between the user and the user account maintained at the financial institution if the received comparison identifier corresponds to the generated verification identifier and the received second account identifier corresponds to the first account identifier contained in the received user profile data.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of an exemplary financial system in which the present invention may be employed.

FIG. 2 is an exemplary computer employed by the payment system to enable validation of a user account at a financial institution according to an embodiment of the present invention.

FIG. 3 is a flow chart of an exemplary process by which a user sets up an internal account with the payment system according to an embodiment of the present invention.

FIG. 4 is a schematic diagram of an exemplary user profile record according to an embodiment of the present invention.

FIG. 5 is a flow chart of an exemplary method of validating a user account at a financial institution according to an embodiment of the present invention.

FIG. 6 is an exemplary online banking transfer form according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

According to the present invention, a user establishes an internal account with a payment service provider, providing user profile data to the payment system which the payment system stores in a user profile record to identify the account. The user profile record, which is maintained securely, includes information identifying an account at a financial institution (other than the payment system) that the user may employ to transfer funds to or from the payment service provider. The financial institution may be a bank, a credit card facility or any other institution at which the user maintains a financial account. For example, a user may have an account at XYZ bank; the user profile record will then include the routing information of the XYZ bank and the user's account number at the XYZ bank.

When the internal user account is established at the payment service, the payment system generates a unique verification identifier associated with the account, and then sends the verification identifier or a corresponding verification identifier to the user. To ensure that the user has control of the user account at the financial institution, the payment service requests the user to perform a financial transaction with the user account (e.g., transfer $50 from the financial institution to the internal account maintained at the payment service) by including the verification identifier in the transaction.

Subsequently, when a financial transaction is received from the financial institution attempting to transfer funds into the user's internal account, the payment system validates that the user has a pre-existing relationship with the financial institution as a security measure. Specifically, the user directs the financial institution to include the verification identifier it has received previously from the payment system with the transaction along with the user's account information at the financial institution. Upon receipt of financial transaction, the payment system uses the received identifier as an index to locate the user's profile record. The payment system then determines whether financial account information included in the financial transaction matches the financial information in the user's profile record, indicating that the user has a relationship with the financial institution. If the relationship is validated, the verification identifier is no longer required to be included in further financial transactions between the financial institution and the payment system. However, the verification identifier may be included in further financial transactions for purposes of revalidation or as a steering mechanism to direct deposits to the appropriate user account.

FIG. 1 is a block diagram of an exemplary financial system 100 in which the present invention may be employed. The system 100 includes a payment system 102 employed by a payment service provider, in which a user 104 may establish financial accounts that store funds and which may be used to pay for goods and services online in a convenient manner. The user 104 may be any individual or corporate entity seeking to establish and use an account in the payment system 102. The user 104 may be connected to the payment system 102 via the Internet 106 using any suitable wire or wireless communication link.

The user 104 maintains a financial account at a financial institution 108. The financial institution 108 may be a bank, credit card facility, money market account or any other institution which holds financial accounts. The user 104 has control over the financial account at the financial institution 108 and can direct the financial institution 108 to transfer funds from the financial account by various means (e.g., check, credit or debit card, wire instruction, online interface, etc.) in a financial transaction. The financial institution 108 may communicate the financial transaction to the payment system 102 via a secure link 110, which may be proprietary, using known communication methods. For example, if the financial institution 108 is a bank, the financial transaction may be implemented using a direct entry (DE) file communicated by direct inter-bank transfer or through intermediary entities such as the Automated Clearing House (ACH). To support online communications, the financial institution 108 may also be connected to the Internet 106.

It is to be appreciated that while the system 100 of FIG. 1 is depicted as having a single user 104 and a single financial institution 108, this depiction is merely illustrative, and system 100 typically includes a plurality of users, each of which may have accounts at one or more financial institutions.

Referring now to FIG. 2, an exemplary computer (e.g., server) 200 of the payment system 102 is shown. The computer 200 includes a communication device 202 adapted for data communication using a plurality of communication modes and protocols. The communication device 202 receives information from and sends information to the user 1 04 via the Internet 106 and from/to the financial institution 108 over link 110. The computer 200 also includes a processor (CPU) 204, memory storage 206, program storage 208, and data storage 210, all commonly connected to each other through a bus 212. The program storage 208 includes an account validation module 214 that further includes a user registration module 216 and a matching module 218. The user registration module 216 includes program code for establishing internal user accounts and may support a web-based interface with forms, dialog boxes, etc. that prompt the user to enter information to register with the payment system 102. The matching module 216 performs validation of user accounts at financial institutions. The data storage 210 stores a user profile records 220 for all internal user accounts of the payment system 102. The software program modules in the program storage 208 and data in the data storage 210 may be transferred to the memory 206 as needed for ready access by the processor 204.

It is to be appreciated that the computer 200 may comprise any computer such as a personal computer, minicomputer, workstation or mainframe, or a combination thereof. While the computer 200 is shown, for illustration purposes, as a single computer unit, the system may comprise a group/farm of computers which can be scaled depending on the processing load and database size.

FIG. 3 is a flow chart of an exemplary process 300 by which a user 104 sets up an internal account with the payment system 102 according to an embodiment of the present invention. In step 302, the method begins. The user registration module 216 of the payment system 102 may support a web interface (not shown) having a registration form that prompts the user 104 to enter personal information (user profile data). In step 304, the user registration module 216 receives the user profile data entered into the web interface. In step 306, the user registration module 216 creates an internal account for the user 104 with a unique account identifier, such as an account number. In some embodiments, to keep the unique account identifier secure, the account identifier is not provided to the user and is kept inaccessible from the user 104 even when the user accesses his or her account at the payment system 102. This security measure reduces the possibility of identity theft and unauthorized access to the user's account.

In a following step 308, the user registration module 216 creates a user profile record associated with the new internal account (i.e., with the new unique account number) to store the received user profile data. The user profile record 400 may be stored as part of a database 220 of user profile records. An exemplary user profile record 400 according to an embodiment of the present invention is shown in FIG. 4. The exemplary user profile record 400 includes personal information 402 such as a secure ID 402, the user's name 404, address 406, verification identifier (explained below) 408, email address 410, tax ID 412, and account balance 414. In addition, the user profile record 400 includes financial account information 420, 430 for two financial institutions (financial institution #1, financial institution #2) at which the user maintains financial accounts. The financial account information 420 includes the name of financial institution 422, the routing number of the institution 424, the user's account number at the institution 426 and a verification flag 428 indicating whether the user's relationship with financial institution #1 has been verified. Financial account information 430 includes similar name 432, routing 434, account 436, and verification flag 438 information with respect to financial institution #2. The user profile record 400 may also include a transaction history 440 containing a list of transactions the user has performed using the payment system 102. The user profile record 400 may also include any other user information deemed appropriate.

Referring again to FIG. 3, the user registration module 216 receives the personal information 402 and financial account information of at least one of the financial institutions 420, 430 in step 308. In step 310, the user registration module 216 generates a unique verification identifier to be associated with the user profile record 400 (internal user account). In some embodiments, the verification identifier is a number or alphanumeric string of less than 16 digits or characters. The verification identifier may be partially or fully based on user information supplied by the user. For example, the identifier can be based on the name of the user whose name character string is converted into a number and then truncated to an appropriate size. In step 312, the user registration module 216 sends the verification identifier to the user 104. In some embodiments, in a following step 314, the user registration module 216 generates a second verification identifier derived from the first verification identifier (e.g., by hashing) and stores the second verification identifier in the user profile record 400 rather than the first verification identifier that has been sent to the user 104 as an added security measure. According to this embodiment, the verification identifier held by the user 104 and the verification identifier stored in the user profile record 400 differ, so that the verification identifier given to the user 104 is not directly accessible to personnel of the payment system 102.

In step 316, the user registration module 216 sends payee bank information of the payment system 102 to the user 104 (i.e., the account information of the payment system at a bank), enabling the user 104 to direct a money transfer from the user's financial institution 108 to the bank account of the payment system 102 and thereby to the internal user account at the payment system 102.

FIG. 5 is a flow chart of an exemplary method 500 of validating a user account at a financial institution according to an embodiment of the present invention. In step 502, the method begins. In step 504, a matching module 218 of the payment system receives a financial transaction notification (denoted simply as ‘financial transaction’ herein) from the financial institution 108 as directed by the user 104. FIG. 6 is an exemplary online banking transfer form 600 which the user may employ to transfer funds from the financial institution 108 to the user's account at the payment system 102. As indicated, the form 600 includes text input boxes for entering: the financial account information of the sending institution (From Account) 602, the financial account information of the payment system 604, the amount of the transfer 606, and reference information 610 as well as a selection box for the type of transfer 608. According to an embodiment of the present invention, the user 104 enters the verification identifier previously received from the payment system 102 in the reference information box 610. The information entered into form 610 is first delivered to the financial institution 108, which reformats the information into a financial transaction notification according to known inter-bank transfer protocols. For example, the financial institution 108 may incorporate the financial transaction in a direct entry (DE) file. Importantly, DE files may have fields and/or spaces in which the reference information 610 entered into the form 600, i.e., the verification identifier, may be entered. Since the matching module 218 tests the verification identifier included in the financial transaction, it is referred to as the ‘comparison’ identifier in the description below. Similarly, financial account information 602, 604, 606 is denoted as ‘second’ financial account information. The financial institution 108 sends the financial transaction to the payment system's account at the payee bank (not shown), which then passes the financial transaction to the matching module 218 of the payment system 102.

After the matching module 218 receives the financial transaction, in step 506, the matching module 218 queries the user profile records 220 for a corresponding verification identifier, for example, by performing the same hash used to derive the stored verification identifier on the comparison identifier and then comparing the hashed result with the stored verification identifier in the user profile record 400. It is noted that in embodiments in which the verification identifier that is sent to the user 104 and the stored verification identifier are the same, that a hashing process is not performed. If the user 104 has not registered with the payment system 102, in step 508, the matching module 218 causes a message indicating a denial of the transfer to the financial institution 108. After step 508, the method ends in step 518. If it is determined in step 506 that the user 104 has registered with the payment system 102, the comparison identifier will correspond to the stored verification in the user profile record database, and, in step 510 the corresponding user profile record is returned as the output of the query. In step 512, the matching module 218 then determines whether the second financial account information included in the financial transaction matches the first financial account information stored in the user profile record 400. More specifically, it is determined whether all items match, i.e., whether the first and second financial account information match exactly as to the name of the financial institution, the routing number, and the user account number. If the first and second financial account information match, in step 514, the matching module 218 validates the relationship between the user 104 and the financial institution 108 and the verification flag 438 in the user profile record 400 is set (e.g., to a check, “yes”, etc.). In step 516, the matching module 218 transfers the deposit to the internal user account at the payment system 102, and updates the balance information in the user profile record 400, and then the method ends in step 518. If it is determined that the first and second financial account information do not match in step 512, the method branches to step 508, and the matching module 218 causes a transfer denial message to be sent to the financial institution 108.

Once the relationship between the user 104 and a financial institution 108 has been validated, further financial transactions sent from the financial institution 108 to the payment system 102 do not require a verification identifier to be included (however, as noted, the verification identifier may be included in further transactions for purposes of revalidation or as a steering mechanism); when a subsequent financial transaction from a financial institution 108 is received, the matching module 218 can query the user profile records 220 using the routing number and account number of the financial institution 108 and thereby determine that the verification flag 438 associated with the routing and account number has been set, indicating that the user/financial institution relationship has already been validated. In an alternative embodiment, the payment system 102 may initiate subsequent transactions as directed by the user and ‘pull’ transfers from validated financial institutions. Since both the user and the relationship of the user 104 to the financial institution 108 are trusted, pull transactions performed in this manner do not present significant security risks.

The foregoing specific embodiments represent just some of the ways of practicing the present invention. Many other embodiments are possible within the spirit of the invention. Accordingly, the scope of the invention is not limited to the foregoing specification, but instead is given by the appended claims along with their full range of equivalents. 

1. A system for a payment service provider to validate a relationship between a user and a user account maintained at a financial institution comprising: a communication device; a memory; a processor coupled to the memory and communication device; and an account validation module executable by the processor and adapted to: store in the memory user account information received from the user, provide to the user a verification identifier associated with the user account, receive a user initiated financial transaction involving the user account at the financial institution through the communication device, the received financial transaction being a completed transaction and including a comparison identifier supplied by the user, determine whether the comparison identifier contained in the received user initiated financial transaction corresponds to the verification identifier, validating the relationship between the user and the user account maintained at the financial institution if the comparison identifier id determined to correspond to the verification identifier.
 2. The system according to claim 1, wherein the account validation module: receives, from the user, user account information including first financial institution information concerning the financial institution maintaining the user account; receives, from the user initiated financial transaction, second financial institution information concerning the financial institution involved in the financial transaction; and determines whether the first financial institution information matches the second financial institution information as part of the validation of the relationship between the user and the user account maintained at the financial institution.
 3. The system according to claim 2, wherein each of the first and second financial institution information includes a routing number and an account number.
 4. The system according to claim 2, wherein each of the first and second financial institution information further includes a routing number, an account number and a name of a financial institution.
 5. The system according to claim 2, wherein the account validation module includes a user registration module adapted to: receive user profile data from the user which includes the user account information; and create an internal user account for the user with the received user profile data.
 6. The system according to claim 5, wherein the user registration module is further adapted to generate a secure account identifier associated with the internal user account, the secure account identifier being inaccessible to the user.
 7. The system according to claim 6, wherein the financial transaction includes a deposit and the account validation module is adapted to transfer the deposit to the internal user account.
 8. A system for a payment service provider to validate a relationship between a user and a user account maintained at a financial institution comprising: a communication device; a memory; a processor coupled to the memory and the communication device; and an account validation module executable by the processor and adapted to store in the memory user profile data received from the user and containing an account identifier of the user account and provide a verification identifier to the user, the account validation module further adapted to receive a user initiated financial transaction involving the user account at the financial institution through the communication device, the received financial transaction being a completed transaction and including a comparison identifier supplied by the user and a source account identifier, and validate the relationship between the user and the user account maintained at the financial institution if the received comparison identifier corresponds to the verification identifier and the received source account identifier corresponds to the account identifier contained in the stored user profile data.
 9. The system according to claim 8, wherein the account validation module requests the user to initiate the financial transaction at the financial institution with the verification identifier.
 10. The system according to claim 8, wherein after receiving the user initiated financial transaction, the account validation module: retrieves the account identifier contained in the stored user profile data; and determines whether the retrieved account identifier matches the source account identifier contained in the user initiated financial transaction.
 11. The system according to claim 8, wherein each of the account identifier in the stored user profile data and the source account identifier includes a routing number and an account number.
 12. The system according to claim 11, wherein the account identifier in the stored user profile data further includes a name of a financial institution.
 13. The system according to claim 8, wherein the verification identifier includes an alphanumeric string.
 14. The system according to claim 8, wherein the account validation module is adapted to create an internal user account associated with the user profile data.
 15. The system according to claim 14, wherein the account validation module is adapted to generate a secure reference identifier associated with the internal user account, the secure reference identifier being inaccessible to the user.
 16. The system of claim 14, wherein the financial transaction includes a deposit and the account validation module is adapted to transfer the deposit to the internal user account.
 17. A method of validating a relationship between a user and a user account maintained at a financial institution comprising: generating and storing in a memory a verification identifier; providing the stored verification identifier to a user; receiving a user initiated financial transaction involving the user account at the financial institution, the received financial transaction being a completed transaction and including a comparison identifier supplied by the user; retrieving from the memory the stored verification identifier by a processor; determining by the processor whether the received comparison identifier corresponds to the retrieved verification identifier provided to the user for purposes of validating the relationship between the user and the user account maintained at the financial institution.
 18. The method according to claim 17, wherein: before the step of providing the stored verification identifier to a user, the method further comprises receiving, from the user, user account information including first financial institution information concerning the financial institution maintaining the user account; the received financial transaction includes second financial institution information concerning the financial institution involved in the financial transaction; and the method further comprises determining by the processor whether the first financial institution information matches the second financial institution information.
 19. The method according to claim 18, wherein each of the first and second financial institution information includes a routing number and an account number.
 20. The method according to claim 19, wherein each of the first and second financial institution information further includes a name of a financial institution.
 21. The method according to claim 18, further comprising: receiving user profile data from the user, the user profile data including the user account information; and creating an internal user account for the user associated with the user profile data.
 22. The method according to claim 21, further comprising: under the control of the processor, generating a secure account identifier for the internal user account; and associating the secure account identifier with the user profile data; wherein the secure account identifier is inaccessible to the user.
 23. The method according to claim 21, wherein the financial transaction includes a deposit and the method further comprises transferring the deposit to the internal user account. 